From Security Weekly Wiki

(15 Seconds of silence)

(get all the laughter out)

(Record the Welcome Intro)

(More silence)

FiT Stinger

Theme Music, Episode 29 for May 26, 2006

"Welcome to PaulDotCom Security Weekly, Episode 29 for May 26, 2006"

From the PSW studios

"Welcome to this edition of PaulDotCom Security Weekly, a show for the listeners, because, well, without you we're just a bunch of guys at a bar drinking beer."

"I am your host Paul Asadoorian," "and I'm your co-host Larry Pesce," and we've also got our extra special host Twitchy.

Hello to all of our live audience listeners via Skypecast!


This episode is sponsored by Syngress Publishing, it's like porn for hackers, crackers, and IT security professionals.

Listen to the question at the end of each show, then go to the pauldotcom blog and be the first to post the CORRECT answer to receive a free copy of any in-stock book on the Syngress web site!

Last week's winner was Kirk who stated the correct answer:

"MGCP was defined in RFCs 2705 & 3435. It is also known as H.248 and Megaco via http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci817224,00.html"

We also liked reid's answer of "I mostly just know it as 'the current big fucking headache'"

The fake question of "What was the name of the first movie Jet Li acted in and what year was it produced? Where was it shot?" A couple of you were close, but not quite. Paul, what is the answer?

This episode is also sponsored by Core Security Technologies.

Larry: Use Core Impact to penetrate your network day and night and not get tired!

Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.

We are also sponsored by the SANS Institute, where you can get schooled and like it! Get hands-on training in intrusion detection, forensics, hacking and exploiting, and drinking beer.... Listen for the discount code at the end of the show for 5% off SANSFIRE, July 5-11th in Washington DC. Almost every SANS track will be offered! And Twitchy will be there!


Announcement: Logo and slogan contest is over! The Logo winner is Kreg Stepe, and the slogan winner is Paul Battista. Please drop us a note so we can get you your prizes.

Kreg's logo will be in the blog entry and album art.

Paul's slogans included:

We Ain't Sniffing Panties
Well We Ain't Sniffing Panties
Because Sniffing Packets is Better than Sniffing Panties
Security Over a Beer
Cyber Ninjas at Work
Digital Ninjas in Training
We Steal Passwords like it's your bike
I Stole Your Password Like I Stole Your Bike
I Hacked your mom

On to listener feedback...

Great Idea - UTTechno1 - Listener Feedback

James writes in:

I was just thinking...yeh I know, I shouldn't strain myself ;-)

You guys talk A LOT about pen testing, how about some content about the business of pen testing? Like 1. what skills would a prospective pen tester need to acquire? 2. how do you price a pen test engagement...I'm thinking most of these gigs fall in the 25k to 50k range...but I may be totally full of it. 3. how do you promote or advertise your business? 4. advertisement/business development issues? 5. Yeh core impact is great but how do you pass that cost along to your customers? etc etc talk amongst yourselves ;-)

Mike writes in:

First, a bit of what I hope is constructive criticism. I listened to a couple of podcasts "on the speakers" once, and my wife listened to a bit too. She now calls you guys the college guys (as in, I say "I was listening to the college guys podcast," and she knows what I mean). I don't want to criticize your style, because I like it, but while I realize you tend to have a wobbly pop or three while doing the 'cast, and beer makes one belch, and Larry (I think it's you, Larry) produces some fine ones... I don't think listeners necessarily need to hear that. I'll keep listening, but you may want to consider muting your mic.

[Why do people get so offended with the belching?]

<a whole bunch more stuff followed, mostly for twitchy, and included everything from what operating system planes run, to C vs Java, to the open wireless question, to Stephen Harper's alleged kitten eating, to are honeypots entrapment?, to OS X vs open source, to drive encryption>

[Whew, none of which I really care to discuss on the show because they are not so much security related and more a religious or political debate which we are happy to discuss in email or in the IRC channel but not bore the listeners with, it's just not what this podcast is about.]

Tom writes in:

Paul, Larry, Twitch, The Mason

The Best Buy located at 825 Pilgrim Way, Green Bay, WI 54303 - Phone number 920-494-2950 employs Chad Davis (http://www.justice.gov/criminal/cybercrime/davis.htm ) the "Global Hell" Hacker.

I have a friend who also works at the store and has told me stories about what the guy says he does. First thought is -how would you like this guy sent to your home to work on your computer - second thought is - how would you like this guy to take your credit card at the store - third thought is - what the hell is Best Buy doing for a hiring policy.

Great show,


Christian writes in:

Do you guys know a way to locate and identify servers on the web without scanning? I am looking for publicly accessible databases or search engine queries, that, for example, list all publicly accessible dns servers….

[we do, but if we told you, we'd have to send ninjas to kill you]

[Music] Story Time With Twitchy

Twitchy tells us a hacking story about something...

Paul also has a story about Best Buy!


Billy's Browser - Johnny Long Sweeper - News


Episode28 Show Notes

George Class Promo

Syngress question of the week: Are you the Keymaster?

Core discount code impactbsg

SANS discount code is <pauldotcom>.

Thank you for listening, psw@pauldotcom.com, http://pauldotcom.com Phone number Pauldotcom Security Weekly, PO Box 860, Greenville RI, 02828